#16
Ok, I found the Ask.com thing.. it was called something like Gamebar something or another in the Program & features..
Here is the Malwarebytes log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.13.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Gareth :: LAPTOP [administrator]

1/13/2012 6:21:52 PM
mbam-log-2012-01-13 (18-21-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181974
Time elapsed: 6 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
#17
The Virus scan deal didn't find anything, so I don't have anything to post...
I still don't have my quick launch Icons either, but the computer itself is lots faster and seems to be getting lots better. Here is the OTL log.
000,344,064 | ---- | C] () -- C:\Windows\System32\lxcfcoin.dll [2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 06:47:37 | 000,469,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 04:33:01 | 000,640,966 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 04:33:01 | 000,117,678 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005/08/18 00:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcfvs.dll < End of report > |
|
#18
|
||||
|
||||
|
Looks good. Just a few changes to make.
Code:
REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"=-
"ProxyServer"=-
Save this to your desktop as "fixer.reg". Be sure to include the "" quotes in the name. Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry. A reboot will be necessary to complete those changes.
System shows as clean at this point. Before we consider some cleaning up steps, post back on any problems we still need to address please.
|
#19
|
|||
|
|||
|
Working Awesome!! Don't think it has run this fast since I bought it..
Quick Launch is still not showing icons?? I am sure I can just drag some there and they would work, but not sure how to get the "Show desktop" one there and I use that all the time. Otherwise working super good.. One Question for ya.. Do you think AVG is a good virus protection or do you suggest something else?? I am tight on money, so free is better.. but wanted your opinion. Thank you for all your awesome help!
|
#20
|
||||
|
||||
|
Just to skip the chance of having to do a lot of checks, run this Fixit to return that show desktop quick launch shortcut, and drag and drop at least one other you want to it to see if you can just recreate them. If you can't then we'll up our checks a notch.
This driver seems to be part of Daemon Tools, but I didn't notice it in the logs:
[2011/03/03 14:11:47 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\spqvg.sys
If you would locate and zip a copy of that, and send it to jintan@malwarecrypt.com as an attachment. Please place "Submitted Files -heather321/cth/driver" as the email Subject.
------------
Also navigate to this folder, and look just inside and post back what you see, or if the info is obvious, what its purpose is there please:
C:\1.h2w
Web info indicates it's used to test USB drives.
|
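The check made in the post above, picking a driver with an empty company field out of the OTL file listing, as an added example that is not part of the thread or of OTL itself. The field layout is inferred from the log lines posted here, the function names are hypothetical, and an empty company field only marks a file for review, it does not mean the file is malicious.

```python
import re
from datetime import datetime
from typing import NamedTuple

# Entries copied from the OTL log posted earlier in this thread, run together
# and wrapped mid-entry the way the forum export flattened them.
SAMPLE = r"""[2012/01/12 20:09:14 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Gareth\Desktop\aswMBR.exe [2012/01/10 13:18:02 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2011/09/04 12:02:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/03/17
10:26:08 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2011/03/03 14:11:47 | 000,054,016 | ---- | C] () --
C:\Windows\System32\drivers\spqvg.sys [2007/11/15 08:42:29 | 009,599,744 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys < End of report >"""

class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str      # R/H/S/- flags as OTL prints them
    kind: str       # "M" = modified listing, "C" = created listing
    company: str    # empty when the file carries no company name
    path: str

# Paths may contain spaces, so a path runs until the next entry, a section
# banner, the report trailer, or the end of the text.
ENTRY_RE = re.compile(
    r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| ([A-Z-]{4}) \| ([MC])\] "
    r"\(([^)]*)\) -- (.+?)(?= \[\d{4}/\d\d/\d\d | =+ | < End of report|$)"
)

def parse_otl(text: str) -> list[Entry]:
    flat = " ".join(text.split())   # undo line wraps inside entries
    out = []
    for ts, size, attrs, kind, company, path in ENTRY_RE.findall(flat):
        out.append(Entry(datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
                         int(size.replace(",", "")), attrs, kind, company, path))
    return out

def drivers_without_vendor(entries: list[Entry]) -> list[Entry]:
    """Kernel drivers under System32\\drivers with an empty company field, newest first."""
    hits = [e for e in entries
            if not e.company.strip()
            and e.path.lower().endswith(".sys")
            and "\\system32\\drivers\\" in e.path.lower()]
    return sorted(hits, key=lambda e: e.when, reverse=True)

if __name__ == "__main__":
    for e in drivers_without_vendor(parse_otl(SAMPLE)):
        print(e.when.date(), e.size, e.path)
```

On the sample, both spqvg.sys and the older snp2uvc.sys are listed; the second shows why each hit still needs a look at what installed it before anything is deleted.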
#21
|
|||
|
|||
|
The fix it tool didn't work because of my operating system, but I did the thing that said let me fix it myself and that worked..
I tried to email you, but my email is gmail and it says it does not allow me to send that kind of file. Any other way I can send it to you? And the 1.h2w, I have no clue what that is and it says it was created at 4am on 1/11/12, which I am pretty sure no one was on the computer at that time. I am pretty sure we were all sleeping, and my computer would have been either off or sleeping too.. so it is very weird. I tried to open it in Notepad, but it didn't work, the little waiting deal just kept circling.
|
#22
|
||||
|
||||
|
Sorry. MS updated their old info pages and that one looked like your operating system, at first glance. But good you got it resolved. Did you zip the file you were trying to send (Right click the file - Send To - Compressed (zipped) Folder)? I would also like you to zip that C:\1.h2w, and send that as an attachment as well. If you happen to belong to a free upload site, you can do that, and post the link here.
|
|
#23
|
|||
|
|||
|
Yep I zipped the file.. I don't have any upload site.. Do you know of any free ones I can do it with?
|
|
#24
|
||||
|
||||
|
Just go here. Click Register, using whatever you like for that (name etc.). Then go here (same site), click New Topic, name it Uploads, then in that post place a link to this thread (address bar info at the top here).
Then press the browse button and then navigate to & select those zipped files on your computer. You DO NOT need to be a member to upload, anybody can upload the files. You will not be able to see the file once uploaded. Just click the "(more attachments)" next to the Browse button to upload more than one file. |
|
#25
|
|||
|
|||
|
I can click and browse, but when I click post it doesn't do anything.. The Preview shows me a preview and the spell check pops up a box.. Just seems very weird? Any ideas.. I am going to try to save items to a flash drive and see if my desktop will work.
|
|
#26
|
|||
|
|||
|
My desktop just sits and tries to go, but doesn't go..
So I went to Mediafire and I am uploading them as we speak.. I am not sure about this website, but I just googled free upload site and it came up, so thought I would try it. Will let you know when it is done.... Maybe the files are too big for that site??
|
#27
|
|||
|
|||
|
Sorry for so many posts... I did try to just upload one file at a time and the spqvg.zip one did upload.. the other one is like 86 MB, so not sure if that one will upload on that site.. I am trying both the Mediafire one and the Spykiller one.
Here is a link to Spykiller thread.. http://thespykiller.co.uk/index.php/topic,9877.0.html |
|
#28
|
|||
|
|||
|
#29
|
||||
|
||||
|
I received the files, thanks. Sorry I failed to notice how large that one was. The SpyKiller upload was a copy of Avenger, used by Malwarebytes to delete tough files. Usually self-removes after use, so this one was likely interfered with while the system was infected. You just delete that spqvg.sys file now.
That large one was all just encrypted code. Would require another file or function to decrypt it, to use it for whatever its purpose might be. See if you can just rename the original file to fred.dog, wait a few days, and if nothing pops up saying it is missing 1.h2w, go ahead and delete it. What issues still exist there we need to address please?
|
#30
|
|||
|
|||
|
Ok, I deleted the spqvg file and also renamed the 1.h2w to fred.dog
As for issues, the only one I have noticed is that when I go to the Start Menu and for example, I go to the Itunes folder to open up itunes, the folder is empty.. I can type itunes in the search and it finds it, but it's not the only one that is missing.. Leapfrog Connect was another. And both these also used to be on the desktop, but did not come back after whatever we did that got most of the icons back (I didn't notice that until I needed to go into them last night to update things on my nephew's toys). Otherwise everything seems to be working great!! It's crazy how fast it seems now
|